-
Notifications
You must be signed in to change notification settings - Fork 380
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MSC3823: Account Suspension #3823
Open
Yoric
wants to merge
7
commits into
matrix-org:main
Choose a base branch
from
Yoric:yoric/errcode-suspended
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from 1 commit
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
b3a4a79
MSC: A code for account suspension
Yoric a0b2378
WIP: Adding prefix
Yoric fe62d93
Update proposals/3823-code-for-account-suspension.md
Yoric 35cb1c4
Apply suggestions from code review
turt2live 6dbe71d
Update for latest requirements
turt2live d1b461d
Clarify MSC
turt2live c54e982
Clarify differences in locking vs suspension, and future scope
turt2live File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
# MSC3823: A code for account suspension | ||
Yoric marked this conversation as resolved.
Show resolved
Hide resolved
turt2live marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
This MSC introduces a new error code that servers may send to clarify that an account has been | ||
suspended *temporarily* but may still be reactivated. | ||
|
||
## Proposal | ||
|
||
### Introduction | ||
|
||
Matrix has a code `M_USER_DEACTIVATED` that a server may return to describe an account that has been | ||
deactivated. So far, this code has been used to represent accounts that have been *permanently* | ||
deactivated. In particular, clients that interpret this error code display it imply that the account | ||
has been *permanently* deactivated. | ||
|
||
However, some countries (e.g. UK) have laws that require the ability to appeal account | ||
deactivations. This requires the ability to specify that an account is *reversibly* | ||
suspended and let users know about the appeals procedure. | ||
|
||
This MSC simply introduces a new error code `M_USER_ACCOUNT_SUSPENDED` that servers may send to | ||
turt2live marked this conversation as resolved.
Show resolved
Hide resolved
|
||
clarify that an account has been suspended but that the solution may still be resolved either by | ||
an appeal or by e.g. clearing up some abusive messages. | ||
|
||
This MSC does *not* specify a mechanism to suspend or unsuspend the account or to handle appeals. | ||
|
||
### Proposal | ||
|
||
Introduce a new error code `M_USER_ACCOUNT_SUSPENDED`. This error code MAY be sent by the server | ||
whenever a client attempts to use an API on behalf of a user whose account has been suspended. | ||
|
||
| Name | Type | Value | | ||
|------|------|-------| | ||
| `href` | string | (optional) If specified, a URL containing more information for the user, such as action needed. | | ||
|
||
The client is in charge of displaying an error message understandable by the user in case of `M_USER_ACCOUNT_SUSPENDED`, | ||
as well as a link to `href`. | ||
|
||
The web server serving `href` is in charge of localizing the message, using existing HTTP mechanisms, | ||
to adapt the page to the end user's locale. | ||
|
||
#### Examples | ||
|
||
Returning a static page: | ||
|
||
```json | ||
{ | ||
"errcode": "M_USER_ACCOUNT_SUSPENDED", | ||
"error": "The user account has been suspended, see link for details", | ||
"href": "https://example.org/help/my-account-is-suspended-what-can-i-do | ||
turt2live marked this conversation as resolved.
Show resolved
Hide resolved
turt2live marked this conversation as resolved.
Show resolved
Hide resolved
|
||
} | ||
``` | ||
|
||
Returning a dynamic page customized for this specific user: | ||
|
||
```json | ||
{ | ||
"errcode": "M_USER_ACCOUNT_SUSPENDED", | ||
"error": "The user account has been suspended, see link for details", | ||
"href": "https://example.org/action-needed/please-redact-events?event-id=$event_1:example.org&event-id=$event_2:example.org | ||
turt2live marked this conversation as resolved.
Show resolved
Hide resolved
turt2live marked this conversation as resolved.
Show resolved
Hide resolved
|
||
} | ||
``` | ||
|
||
|
||
### Potential issues | ||
|
||
See security considerations. | ||
|
||
### Alternatives | ||
|
||
We could reuse `M_USER_DEACTIVATED` and introduce an additional field: | ||
|
||
| Name | Type | Value | | ||
|------|------|-------| | ||
| `permanent` | boolean | (optional) If `false`, the account may still be reactivated. | | ||
|
||
in addition to the fields mentioned previously. | ||
|
||
### Security considerations | ||
|
||
This has the potential to expose private data. | ||
|
||
To avoid this, any `M_USER_ACCOUNT_SUSPENDED` MUST NOT be sent without authentication. |
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Implementation requirements:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The client implementation requirement has been questioned a bit - I think for this MSC, evidence of clients not exploding would be fine. The list won't be exhaustive or fully representative of the ecosystem, but would indicate the typical user experience.
Specifically, I think the following clients need to be tested with a suspended account:
"Exploding" would be defined as the user being logged out, or otherwise unable to interact with their account. Failing to show the error message ("your account is suspended") is fine, but bonus points to the client if it makes it clear to the user. If the user can (minimally) interact with their rooms without being kicked to an error screen or login page, the client "works", even if clunky.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This testing has been completed by the T&S team at the Foundation. Results are compiled here: https://docs.google.com/document/d/1oTVKRLHCc6x4iYti8bkhRN3YbBO29oAjqmZE-mj-xXY/edit?usp=sharing
TLDR: The above-listed clients all passed, but a few had some weird-ish errors/rough edges. With my SCT hat, I don't think these rough edges are blockers for merging.